Content distribution system, content distribution method and terminal device

ABSTRACT

A content distribution system, a content distribution method and a terminal device are capable of effectively preventing disadvantages of users who formally bought content. In the content system in which a distribution server and a terminal device are connected through a network, even content is taken out from a storage means of the terminal device to the outside later, the content always carries user identification information, so that even the user having the content distributes the content over the network illegally, the distributor of the content can be found with sure.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to a content distribution system, a contentdistribution method and a terminal device, and more particularly, issuitably applied to a content distribution system using the Internet orthe like.

2. Description of the Related Art

In a content distribution system of this kind, a distribution serverdistributes data (hereinafter, referred to as content) to a requestinguser's personal terminal out of many personal terminals connected to theserver through a network such as the Internet, the content composed ofmaterial data such as text, video and audio based on a scenario.

At this time, such a cipher system is generally adapted that thedistribution server encrypts the content before transmission and theuser's personal terminal is allowed to display the content only when itcan decrypt the encrypted content received through the network.

In the content distribution system adapting such cipher system, however,a user views content after decryption, so that if the content stored onthe hard disk or in an external memory of his/her personal terminal istaken out to the outside, or if the content is published over thenetwork, the content can be illegally copied and it is difficult toprevent such data leakage.

Even if illegally-copied content or content which is illegally publishedover the network is detected, it is difficult to find a person whichillegally obtained the content and to certify the identity of thecontent. Therefore, to prevent this illegal data leakage, some actionsbeyond legal regulations should be done.

In addition, because easy digital copy can create content which iscompletely the same as the original, what we can do is to strictlyprotect copyright. As a result, users should follow more strict usagerule than before, and more users who formally bought content are notsatisfied with the rule.

SUMMARY OF THE INVENTION

In view of the foregoing, an object of this invention is to provide acontent distribution system, a content distribution method and aterminal device which are able to effectively avoid disadvantages in thepurchase of content.

The foregoing object and other objects of the invention have beenachieved by the provision of a content distribution system in which adistribution server and a terminal device are connected through anetwork. The distribution server comprises an embedding means forembedding in content watermark information generated by performingprescribed spreading modulation on user identification informationuniquely assigned to the terminal device and a storage definition flagof which the state is preset on the terminal device side, an encryptionmeans for encrypting the content having the watermark informationembedded therein, and a transmission means for transmitting theencrypted content to the terminal device through the network, and theterminal device comprises a reception means for receiving the encryptedcontent, an extraction means for extracting the user identificationinformation and the storage definition flag by performing prescribedprocessing on the watermark information embedded in the content, adecryption means for decrypting the encrypted content depending on theexistence of the user identification information, a judgement means forjudging based on the state of the storage definition flag whether thedecrypted content should be encrypted before being stored, and a storagemeans for storing the content having the watermark information embeddedtherein.

As a result, in this content distribution system, even the content istaken out to the outside from the storage means of the terminal deviceafterward, the content always carries the user identificationinformation. Therefore, even if the user having the content distributesthe content over the network illegally, the distributor of the contentcan be found with sure.

Further, in the present invention, in a content distribution method of acontent distribution system in which a distribution server and aterminal device are connected through a network, the distribution servercomprises a first step of embedding in content watermark informationgenerated by performing prescribed spreading modulation on useridentification information uniquely assigned to the terminal device anda storage definition flag of which the state is preset on the terminaldevice side, a second step of encrypting the content having thewatermark information embedded therein, and a third step of sending theencrypted content to the terminal device through the network, and theterminal device comprises a fourth step of receiving the encryptedcontent, a fifth step of extracting the user identification informationand the storage definition flag by performing prescribed processing onthe watermark information embedded in the content, a sixth step ofdecrypting the encrypted content depending on the existence of the useridentification information, a seventh step of judging based on the stateof the storage definition flag whether the decrypted content should beencrypted before being stored, and an eighth step of storing the contenthaving the watermark information embedded therein.

As a result, in this content distribution method, even the content istaken out to the outside from the storage means of the terminal deviceafterward, the content always carries the user identificationinformation. Therefore, even if the user having the content distributesthe content over the network illegally, the distributor of the contentcan be found with sure.

Still further, in a content distribution method of a contentdistribution system in which a distribution server and a terminal deviceare connected through a network, the distribution server comprises afirst step of adding to content user identification information uniquelyassigned to the terminal device and a storage definition flag of whichthe state is preset on the terminal device side, a second step ofencrypting the content having the user identification information andthe storage definition flag added thereto, and a third step of sendingthe encrypted content to the terminal device through the network, andthe terminal device comprises a fourth step of receiving the encryptedcontent, a fifth step of extracting the user identification informationand the storage definition flag from the content, a sixth step ofdecrypting the encrypted content depending on the existence of the useridentification information, a seventh step of judging based on thevalidly of the user identification information whether to convert theuser identification information into watermark information throughprescribed spreading modulation and then to embed the watermarkinformation in the content, an eighth step of judging based on the stateof the storage definition flag whether the decrypted content should beencrypted before being stored, and a ninth step of storing the contenthaving the watermark information embedded therein.

As a result, in this content distribution method, since the contentalways carries the user identification information even the content istaken out to the outside from the storage means of the terminal deviceafterward, if the user having the content distributes the content overthe network illegally, the distributor of the content can be found withsure.

Still further, in the present invention, in a content distributionmethod of a content distribution system in which a distribution serverand a terminal device are connected through a network, the distributionserver comprises a first step of adding to content user identificationinformation uniquely assigned to the terminal device and a storagedefinition flag of which the state is preset on the terminal deviceside, a second step of encrypting the content having the useridentification information and the storage definition flag addedthereto, and a third step of sending the encrypted content to theterminal device through the network, and the terminal device comprises afourth step of receiving and storing the encrypted content in aprescribed storage means, a fifth step of extracting the useridentification information and the storage definition flag from thecontent when the content is read from the storage means as required, asixth step of decrypting the encrypted content depending on theexistence of the user identification information, a seventh step ofconverting the user identification information into watermarkinformation through prescribed spreading modulation and embedding thewatermark information in the decrypted content, and an eighth step ofstoring the content having the watermark information embedded therein,in the storage means.

As a result, in this content distribution method, the content alwayscarries the user identification information even the content is takenout to the outside from the storage means afterward. Therefore, even ifthe user having the content distributes the content over the networkillegally, the distributor of the content can be found with sure.

Still further, in the present invention, a terminal device controllingcontent comprises an extraction means for, in the case where watermarkinformation generated by performing prescribed spreading modulation onuser identification information uniquely assigned to the terminal deviceand a storage definition flag of which the state is preset on theterminal device side is embedded in content, extracting the useridentification information and the storage definition flag by performingprescribed processing on the watermark information embedded in thecontent, a decryption means for, in the case where the content has beenencrypted, decrypting the encrypted content depending on the existenceof the user identification information, a judgement means for judgingbased on the state of the storage definition flag whether the decryptedcontent should be encrypted before being stored, and a storage means forstoring the content having the watermark information embedded therein.

As a result, even the content is taken out to the outside from thestorage means afterward, the content always carries the useridentification information. Therefore, if the user having the contentdistributes the content over the network illegally, the distributor ofthe content can be found with sure.

The nature, principle and utility of the invention will become moreapparent from the following detailed description when read inconjunction with the accompanying drawings in which like parts aredesignated by like reference numerals or characters.

BRIEF DESCRIPTION OF THE DRAWINGS

In the accompanying drawings:

FIG. 1 is a schematic diagram showing the construction of a contentdistribution system of the first embodiment;

FIG. 2 is a block diagram showing the internal construction of thedistribution server shown in FIG. 1;

FIG. 3 is a block diagram showing the internal construction of thepersonal terminal shown in FIG. 1;

FIG. 4 is a block diagram showing the internal construction of themanagement server shown in FIG. 1;

FIG. 5 is a flowchart explaining a content reception processingprocedure according to the first embodiment;

FIG. 6 is a schematic diagram showing the construction of a contentdistribution system of the second embodiment;

FIG. 7 is a block diagram showing the internal construction of thedistribution server shown in FIG. 6;

FIG. 8 is a block diagram showing the internal construction of thepersonal terminal shown in FIG. 6;

FIG. 9 is a flowchart explaining a content reception processingprocedure according to the second embodiment;

FIG. 10 is a block diagram showing the construction of a personalterminal of the third embodiment;

FIG. 11 is a flowchart explaining a content reception processingprocedure according to the third embodiment;

FIG. 12 is a flowchart explaining a management processing procedure forcontent from users according to the first to third embodiments; and

FIG. 13 is a flowchart explaining a management processing procedure forcontent based on file sharing according to the first to thirdembodiments.

DETAILED DESCRIPTION OF THE EMBODIMENT

Preferred embodiments of this invention will be described with referenceto the accompanying drawings:

(1) First Embodiment

(1-1) Entire Construction of Content Distribution System According tothe First Embodiment

In FIG. 1, reference numeral 1 shows a content distribution system ofthe present invention. This system is constructed by connecting througha network 5 a plurality of users' personal terminals 2 (2 ₁-2 _(n)), anda distribution server 3 and a management server 4 installed by a serviceprovider.

Each personal terminal 2 is a general personal computer installed in ahouse or company, and is able to communicate with another personalterminal 2 and the distribution server 3 through the network 5 for datacommunication and to display Web pages based on screen data obtainedthrough the communication.

The distribution server 3, on the other hand, is a Web server anddatabase server for performing various processing relating to variousservices, as described later, provided by the service provider, and isable to communicate with a personal terminal 2 accessing through thenetwork 5, for content communication.

As to the management server 4, the service provider checks content onthe network sent from the personal terminals 2 to see if there is anycopyright-infringing content, and when it detects copyright-infringingcontent, the management server 4 sends a warning through the network tothe personal terminal which distributed the content.

(1-2) Construction of Distribution Server

FIG. 2 shows the construction of the distribution server 3. As apparentfrom FIG. 2, the distribution server 3 is constructed by connecting witha bus BUS a central processing unit (CPU) 10 for controlling the entireoperation of the distribution server 3, a read only memory (ROM) 11storing various software, a random access memory (RAM) 12 serving as awork memory of the CPU 10, a hard disk device (HDD) 13 storing variousdata and various content, a network interface 14 as an interfaceenabling the CPU 10 to communicate with the outside through the network5 (FIG. 1), a flash memory 15, an encoder 16 for performing audiocompression processing under, for example, adaptive transform acousticcoding 3 (ATRAC3) on content when the content composed of audioinformation is read from the HDD 13, and an encryption unit 17 forperforming encryption processing under public-key infrastructure (PKI)or the like on compression-encoded content.

In addition to the above structure, the distribution server 3 has aspreading modulation unit 19 for performing prescribed spreadingmodulation (spread spectrum modulation, for example) on variousinformation read from the flash memory 15, and an embedding unit 18 forembedding watermark information, described later, given from thespreading modulation unit 19 in content given from the HDD 13. Thecontent having the watermark information embedded therein is given tothe encoder 16 and then to the encryption unit 17.

First, the CPU 10 takes in data or commands from a personal terminal 2accessing through the network 5 (FIG. 1), via the network interface 14,and performs various processing based on the data or commands andsoftware stored in the ROM 11.

Then, as a result of the processing, the CPU 10 sends prescribed contentor data, such as other programs or commands, read from the HDD 13, tothe corresponding personal terminal 2 via the network interface 14 afterencrypting it according to necessity.

As described above, the distribution server 3 can communicate content orother necessary data with the accessing personal terminal 2. It shouldbe noted that the HDD 13 of the distribution server 3 stores a pluralityof databases (not shown), so as to read necessary information fromcorresponding databases when performing various processing.

(1-3) Construction of Personal Terminal

FIG. 3 shows the internal construction of the main section 2H of thepersonal terminal 2. The main section 2H of the personal terminal 2 isconstructed by connecting with a bus BUS to each other a CPU 20 forcontrolling the entire operation of the personal terminal, a ROM 21storing various software, a RAM 22 serving as a work memory of the CPU20, a HDD 23 storing various data, a network interface 24 enabling theCPU 20 to communicate with the outside via the network 5 (FIG. 1), anaudio processor 26 connected to a speaker 25, an image processor 28connected to a display 27, an interface 31 connected to a keyboard 29and a mouse 30, and a decryption unit 32 for decrypting encryptedcontent given via the network interface 24.

In addition to the above units, the main body 2H of the personalterminal 2 has an ID•flag detector 34 for detecting watermarkinformation embedded in content decrypted by the decryption unit 32, anencryption unit 35 for encrypting content depending on the detectedresult of the ID•flag detector 32, and a decryption/decoding unit 36 forperforming, if necessary, decryption processing and restoring theoriginal content from compressed content.

First, the CPU 20 takes in via the network interface 24 data or commandsgiven from the distribution server 3 or another personal terminal 2accessing through the network 5 (FIG. 1), carries out various processingbased on the data or commands, and software stored in the ROM 21.

As a result of the processing, the CPU 20 sends, for example, prescribedcontent or data such as other programs or commands, read from the HDD23, to the distribution server 3 or the corresponding personal terminal2 via the network interface 24.

As described above, the personal terminal 2 can communicate content andother necessary data with the distribution server 3 or another personalterminal accessing. It should be noted that the HDD 23 of the personalterminal 2 stores a plurality of databases (not shown), so as to readnecessary information from corresponding databases when performingvarious processing.

(1-4) Construction of Management Server

FIG. 4 shows the construction of the management server 4. Thismanagement server 4 is constructed by connecting with a bus BUS to eachother a CPU 40 for controlling the entire operation of the managementserver 4, a ROM 41 storing various software, a RAM 42 serving as a workmemory of the CPU 40, a HDD 43 storing various data and various content,a network interface 44 enabling the CPU 40 to communicate with theoutside through the network 5 (FIG. 1), a flash memory 45, and anillegal content detector 46 for detecting illegal content by checkingcontent on the network 5.

The HDD 43 of this management server 4 stores databases (not shown)having user identification information X_(ID) uniquely assigned to eachpersonal terminal 2 formally registered in the distribution server 3.

The illegal content detector 46 uses file sharing software such as WinMXor Gnutella to obtain content distributed from the personal terminals 2by monitoring the network 5 (FIG. 1).

The illegal content detector 46 detects the user identificationinformation X_(ID) included in the obtained content, to judge if thedistributor of the content matches the user identification informationX_(ID) on the personal terminal 2 of a user formally registered. Then,the illegal content detector 46 makes prescribed notification or warningto the personal terminal 2 which distributed the content, regardless ofthe result, match or unmatch.

(1-5) Content Distribution from Distribution Server to Personal Terminal

When a personal terminal 2 actually accesses the distribution server 3in this content distribution system 1, the CPU 10 of the distributionserver 3 shown in FIG. 2 retrieves user identification information (ID)X_(ID) assigned to the user of the personal terminal 2 and a prescribedjudgement flag (hereinafter, referred to as storage definition flag)X_(FLG) provided together with the user identification informationX_(ID), from the flash memory 15.

This storage definition flag X_(FLG) is a flag indicating if the contentshould be encrypted before being stored on the HDD 23 of the user'spersonal terminal 2, and is preset to be up or down by the user.

Then, the CPU 10 of the distributions server 3 sends the useridentification information X_(ID) and the storage definition flagX_(FLG) to the spreading modulation unit 19. The spreading modulationunit 19 performs prescribed spreading modulation on the useridentification information X_(ID) and the storage definition flagX_(FLG), so as to generate watermark information X_(WM1).

This watermark information X_(WM1) is a kind of copyright information tobe embedded in a redundant part of content with a technique called“digital watermark”, and the embedding part is determined according tothe kind of content.

In a case where content is composed of audio information, for example,the watermark information X_(WM1) is embedded as a noise in anunimportant part of the content which people can not hear, withutilizing the hearing characteristics of human in which weak soundsexisting within several tens of milliseconds before and after strongsounds are deadened by the strong sounds.

Then, the CPU 10 of the distribution server 3 controls the embeddingunit 18 to embed the watermark information X_(WM1) in user desiredcontent D1 retrieved from the HDD 13, so as to generate synthesizedinformation data D2.

Specifically, the synthesized information data D2 is generated bysampling audio information being the content D1 with a prescribedsampling frequency (for example, 44.1 kHz) with the aforementioneddigital watermark technique, searching for lower bits, and thenembedding the watermark information X_(WM1) in the lower bits, or byanalyzing the waveform of the content D1 being audio information usingFourier transformation or wavelet transformation and then embedding thewatermark information X_(WM1) in a specific frequency component.

Sequentially, the CPU 10 of the distribution server 3 controls theembedding unit 18 to send the obtained synthesized information data D2to the encoder 16 to compression-encode it, and then controls theencryption unit 17 to perform prescribed encryption (hereinafter,referred to as first encryption) on the compression-encoded data.

Then, the CPU 10 of the distribution server 3 sends the compressedinformation data (hereinafter, referred to as distribution content data)D3, which was encrypted by the encryption unit 17, via the networkinterface 14 to the corresponding personal terminal 2 connected on thenetwork 5.

On the other hand, in this content distribution system 1, the CPU 20 ofthe personal terminal shown in FIG. 3 carries out a content receptionprocessing procedure RT1 shown in FIG. 5 starting with step SP0. The CPU20 sends the distribution content data D3 sent from the distributionserver 3 via the network 5 (FIG. 1), to the decryption unit 32 via thenetwork interface 24 (step SP1).

At this time, the CPU 20 of the personal terminal 2 judges whether thedistribution content data D3 includes the user identificationinformation X_(ID) (step SP2), and only when the user identificationinformation X_(ID) exists, it performs decryption processing fordecrypting the aforementioned first encryption with the decryption unit32 (step SP3).

When it is judged that the distribution content data D3 does not includethe user identification information X_(ID), the CPU 20 of the personalterminal 2 displays a message on the display 27 to let the user knowthat the first encryption is not allowed to be decrypted (step SP4).

After the decryption unit 32 performs the decryption, the CPU 20 of thepersonal terminal 2 sends the resultant distribution content data(hereinafter, referred to as compressed content data) D4 to both theID•flag detector 34 and the encryption unit 35.

The ID•flag detector 34 performs despreading modulation processing onthe watermark information X_(WM1) embedded in the compressed contentdata D4, to extract the user identification information X_(ID) and thestorage definition flag X_(FLG) from the watermark information X_(WM1).

At this time, the CPU 20 of the personal terminal 2 retrieves the useridentification information X_(ID) assigned to the personal terminal 2,from the RAM 22 to judge if the user identification information X_(ID)extracted by the ID•flag detector 34 matches the user identificationinformation X_(ID) retrieved (step SP5).

If an affirmative result is obtained, the CPU 20 of the personalterminal 2 judges if the storage definition flag X_(FLG) extracted bythe ID•flag detector 34 is an up flag or a down flag, to determinewhether to encrypt the compressed content data D4 sent from thedecryption unit 32 (step SP6).

If the user identification information X_(ID) extracted does not matchthe user identification information X_(ID) retrieved, the CPU 20 of thepersonal terminal 2 displays a message on the display 27 via the imageprocessor 28 to let the user know that he/she can not receive thecontent (step SP7).

Only when the storage definition flag X_(FLG) is an up flag, meaningthat the data should be encrypted, the encryption unit 35 performsprescribed encryption (hereinafter, referred to as second encryption) onthe compressed content data D4 given from the decryption unit 32 (stepSP8). This encryption may be the same as the first encryption.

Sequentially, the CPU 20 of the personal terminal 2 stores thecompressed content data D5 subjected to the second encryption by theencryption unit 35, on the HDD 23 (step SP9).

When the storage definition flag X_(FLG) is a down flag, meaning thatthe data should not be encrypted, on the contrary, the CPU 20 of thepersonal terminal 2 stores the compressed content data D4 on the HDD 23as it is (step SP9).

When the user makes a request for the content with the mouse orkeyboard, the CPU 20 of the personal terminal 2 retrieves thecorresponding compressed content data D4, D5 from the HDD 23 and sendsit to the decryption/decoding unit 36.

The decryption/decoding unit 36 decrypts, if necessary, the secondencryption of the compressed content data D4, D5, and then restores theoriginal content D1 from the compressed content data D4 (step SP10).

Thus, the CPU 20 of the personal terminal 2 can provide the user withthe original content D1 by outputting sounds based on the content D1from the speaker 25 via the audio processor 26 (step SP11).

(1-6) Operation and Effects of the First Embodiment

In the aforementioned content distribution system 1, when thedistribution server 3 receives an access request from a personalterminal 2, it retrieves and spreading-modulates the user identificationinformation X_(ID) and the storage definition flag X_(FLG) for the userof the personal terminal 2 to generate watermark information X_(WM1).

Then, the distribution server 3 embeds the watermark information X_(WM1)in the specified content D1, performs the first encryption on theresultant content to thereby generate the distribution content data D3which is then sent to the accessing personal terminal 2 via the network5.

The personal terminal 2 decrypts the first encryption of the receiveddistribution content data D3 on the condition that the data D3 includesthe user identification information X_(ID), and then extracts the useridentification information X_(ID) and the storage definition flagX_(FLG) from the watermark information X_(WM1) embedded in thecompressed content data D4.

Then, the personal terminal 2 performs the second encryption on thecompressed content data D4 having the watermark information X_(WM1)embedded therein and then stores the resultant on the HDD 23 only whenthe extracted user identification information X_(ID) matches the useridentification information X_(ID) assigned to the personal terminal 2 atthe time of registration to the distribution server 3 and the storagedefinition flag X_(FLG) is an up flag.

As described above, when the personal terminal 2 receives content fromthe distribution server 3 via the network 5, it stores the content onthe HDD 23 with the user identification information X_(ID) embeddedtherein as the watermark information X_(WM1). Thus, when the content istaken out from the HDD 23 to the outside afterward, the content alwaysincludes the user identification information X_(ID), so that it can bejudged if the content was obtained legally or illegally.

In the aforementioned content distribution system 1, the distributionserver 3 performs the first encryption on content having useridentification information X_(ID) and a storage definition flag X_(FLG)embedded therein as watermark information and sends the resultantcontent to the accessing personal terminal 2 via the network. Thepersonal terminal 2 decrypts the first encryption of the receivedcontent only when the content includes the user identificationinformation X_(ID), and when the user identification information X_(ID)is valid, stores the content on the HDD 23, after or without encryptiondepending on the state of the storage definition flag X_(FLG). As aresult, when the content is taken out from the HDD 23 to the outsideafterward, the content always includes the user identificationinformation X_(ID), so that if the user having the content distributesthe content over the network illegally, the distributor of the contentcan be found with sure, thus making it possible to realize the contentdistribution system 1 capable of effectively preventing disadvantages ofusers who formally bought content.

(2) Second Embodiment

(2-1) Entire Construction of Content Distribution System According toSecond Embodiment

FIG. 6 shows a content distribution system 50 according to the secondembodiment. The content distribution system 50 has the same constructionas the content distribution system 1 of the first embodiment shown inFIG. 1, except for the constructions of personal terminals 51 (51 ₁-51_(n)) and distribution server 52.

(2-2) Constructions of Distribution Server and Personal TerminalAccording to Second Embodiment

FIG. 7 shows the distribution server 52 according to the secondembodiment, and the distribution server 52 has the same construction ofthe distribution server 3, except that there is no spreading modulationunit 19 (FIG. 2).

In this distribution server 52, an embedding unit 18 embeds useridentification information X_(ID) and a storage definition flag X_(FLG)retrieved by a CPU 10 from a flash memory 15, in content D1 retrievedfrom the HDD 13, and then sends the resultant to an encoder 16 and thenan encryption unit 17.

FIG. 8 shows a personal terminal 51 according to the second embodiment,and the personal terminal 51 has the same construction as the personalterminal 2 shown in FIG. 3, except that a main section 51H has aspreading modulation unit 55 and an embedding unit 56.

In this personal terminal 51, the spreading modulation unit 55 performsspreading modulation processing on user identification informationX_(ID) and a storage definition flag X_(FLG) and the embedding unit 56embeds the resultant in a redundant part of content, since thedistribution server 52 (FIG. 7) does not embed the user identificationinformation X_(ID) and the storage definition flag X_(FLG) in thecontent with the “digital watermark” technique.

(2-3) Content Distribution from Distribution Server to Personal Terminal

When the CPU 10 of the distribution server 52 shown in FIG. 7 actuallyreceives an access request from a personal terminal 51 (FIG. 6), itretrieves user identification information X_(ID) assigned to the user ofthe personal terminal 51 and a storage definition flag X_(FLG) from theflash memory 15.

Then, the CPU 10 of the distribution server 52 controls the embeddingunit 18 to embed the user identification information X_(ID) and thestorage definition flag X_(FLG) in user desired content D1 retrievedfrom the HDD 13, to thereby generate synthesized information data D10.

Specifically, the synthesized information data D10 is generated byrecording the user identification information X_(ID) and the storagedefinition flag X_(FLG) in the header of the data format of audio datacomposing the content D1, which is a different technique from theaforementioned digital watermark technique.

Then, the CPU 10 of the distribution server 52 controls the embeddingunit 18 to send the synthesized information data D10 to the encoder 16to compression-encode the data, and then controls the encryption unit 17to perform the first encryption on the resultant data, so as to therebygenerate distribution content data D11.

Then, the CPU 10 of the distribution server 52 sends the distributioncontent data D11 via a network interface 14 to the correspondingpersonal terminal 51 (FIG. 6) connected on the network 5.

The CPU 20 of the personal terminal 51 shown in FIG. 6, on the otherhand, carries out a content reception processing procedure RT2 shown inFIG. 9 starting with step SP20, and sends the distribution content dataD11, which was given from the distribution server 52 through the network5 (FIG. 1), to a decryption unit 32 via a network interface 24 (stepSP21).

At this time, the CPU 20 of the personal terminal 51 judges whether thedistribution content data D11 has the user identification informationX_(ID) (step SP22), and decrypts the aforementioned first encryption ofthe data D11 at the decryption unit 32 only when the user identificationinformation X_(ID) exists (step SP23)

If it is judged that the distribution content data D11 does not includethe user identification information X_(ID), the CPU 20 of the personalterminal 51 displays a message on a display 27 via an image processor 28to let the user know that the first encryption is not allowed to bedecrypted (step SP24).

After the decryption unit 32 decrypts the first encryption, the CPU 20of the personal terminal 51 sends the resultant compressed content dataD12 to both an ID•flag detector 34 and the embedding unit 56.

The ID•flag 34 extracts the user identification information X_(ID) andthe storage definition flag X_(FLG) from the compressed content dataD12. At this time, the CPU 20 of the personal terminal 51 retrieves theuser identification information X_(ID) assigned to the personal terminal51, from the RAM 22 to judge if this user identification informationX_(ID) matches the user identification information X_(ID) extracted bythe ID•flag detector 34 (step SP25).

If an affirmative result is obtained, the CPU 20 of the personalterminal 51 sends the user identification information X_(ID) and thestorage definition flag X_(FLG), which were extracted by the ID•flagdetector 34, to the spreading modulation unit 55 and an encryption unit35, respectively (step SP26).

If a negative result is obtained, on the contrary, the CPU 20 of thepersonal terminal 51 displays a massage on the display 27 to let theuser know that he/she can not receive the content (step SP27).

The spreading modulation unit 55 generates watermark information X_(WM2)by performing prescribed spreading modulation processing on the useridentification information X_(ID) sent from the ID•flag detector 34.Then, the CPU 20 of the personal terminal 51 controls the embedding unit56 to embed the watermark information X_(WM2) in the compressed contentdata D12 sent from the decryption unit 32, so as to thereby generatesynthesized compressed content data D13 (step SP26).

Sequentially, the CPU 20 of the personal terminal 51 detects whether thestorage definition flag X_(FLG) extracted by the ID•flag detector 34 isan up flag or down flag, to judge if the synthesized compressed contentdata D13 sent from the embedding unit 56 should be encrypted (stepSP28).

Only when the storage definition flag X_(FLG) is an up flag, meaningthat the data should be encrypted, the encryption unit 35 performssecond encryption on the synthesized compressed content data D13 (stepSP29).

Then, the CPU 20 of the personal terminal 51 stores the synthesizedcompressed content data D14 subjected to the second encryption, on theHDD 23 (step SP30).

When the storage definition flag X_(FLG) is a down flag, meaning thatthe data should not be encrypted, on the contrary, the encryption unit35 stores the synthesized compressed content data D13 on the HDD 23 asit is (step SP30).

When the user makes a request for the content with a mouse 29 orkeyboard 30 afterward, the CPU 20 of the personal terminal 51 retrievesthe corresponding synthesized compressed content data D13, D14 from theHDD 23 and sends it to a decryption/decoding unit 36.

The decryption/decoding unit 36 decrypts, if necessary, the secondencryption of the synthesized compressed content data D13, D14, andrestores the original content D1 from the synthesized compressed contentdata D13 (step SP31).

Thus, the CPU 20 of the personal terminal 51 provides the user with theoriginal content D1 by outputting sounds based on the content D1 from aspeaker 25 via an audio processor 26 (step SP32).

(2-4) Operation and Effects of the Second Embodiment

In this content distribution system 50 having the aforementionedconstruction, when the distribution server 52 receives an access requestfrom a personal terminal 51, it retrieves and embeds the useridentification information X_(ID) and the storage definition flagX_(FLG) for the user of the personal terminal 51, in specified contentD1, and performs the first encryption, to thereby generate distributioncontent data D11, and then sends the data D11 to the accessing personalterminal 51 via the network 5.

The personal terminal 51 decrypts the first encryption of thedistribution content data D11 on the condition that the data D11includes the user identification information X_(ID), and then extractsthe user identification information X_(ID) and the storage definitionflag X_(FLG) from the compressed content data D12.

Sequentially, the personal terminal 51 performs spreading modulation onthe user identification information X_(ID) to generate watermarkinformation X_(WM2) and judges whether the storage definition flagX_(FLG) is an up flag, only when the extracted user identificationinformation X_(ID) matches the user identification information X_(ID),stored in the RAM 22, assigned to the personal terminal 51.

Then, only when the storage definition flag X_(FLG) is an up flag, thepersonal terminal 51 embeds the watermark information X_(WM2) in thecompressed content data D12 to thereby generate the synthesizedcompressed content data D13, and performs the second encryption on thesynthesized compressed content data D13 and stores the resultant on theHDD 23.

As described above, when the personal terminal 51 receives the contentfrom the distribution server 52 via the network 5, it stores, on thecondition that the user identification information X_(ID) is valid, thecontent on the HDD 23 with the user identification information X_(ID)embedded in the content as the watermark information X_(WM2), after orwithout encryption depending on the state of the storage definition flagX_(FLG). As a result, even the content is taken out from the HDD 23 tothe outside afterward, the content always includes the useridentification information X_(ID), so that it can be judged whether thecontent was obtained illegally.

As described above, in the content distribution system 50, thedistribution server 52 performs the first encryption on content havinguser identification information X_(ID) embedded therein, and sends theresultant to the accessing personal terminal 2 through the network, andthe personal terminal 2 decrypts the first encryption of the receivedcontent only when the content includes the user identificationinformation X_(ID), and then only when the user identificationinformation X_(ID), is valid, it stores the content on the HDD 23 withthe user identification information X_(ID) embedded in the content aswatermark information X_(WM2), after or without encryption depending onthe state of the storage definition flag X_(FLG). As a result, even thecontent is taken out from the HDD 23 to the outside afterward, thecontent always includes the user identification information X_(ID), sothat even the user having the content distributes the content over thenetwork illegally, the distributor of the content can be found withsure, thus making it possible to realize the content distribution system50 capable of effectively prevent disadvantages of users who formallybought content.

(3) Third Embodiment

(3-1) Construction of Content Distribution System According to ThirdEmbodiment

A content distribution system (not shown) according to the thirdembodiment has the same construction as the content distribution system50 according to the second embodiment shown in FIG. 6, except for theconstructions of personal terminals 60 (60 ₁-60 _(n)).

FIG. 10 shows the construction of a personal terminal 60 according tothe third embodiment, and the personal terminal 60 has almost the sameconstruction as the personal terminal 51 shown in FIG. 8, except that amain section 60H has a flag detector 61 and recording unit 62 instead ofthe ID•flag detector 34 and the encryption unit 35.

This personal terminal 60 stores content on an HDD in advance and thenembeds user identification information X_(ID) in the content read fromthe HDD, which is a different technique from the technique of thepersonal terminal 51 according to the second embodiment where content isstored after user identification information X_(ID) is embedded therein.

(3-2) Content Distribution from Distribution Server to Personal Terminal

The CPU 20 of the personal terminal 60 shown in FIG. 10 carries out acontent reception processing procedure RT3 shown in FIG. 11 startingwith step SP40. The CPU 20 stores distribution content data D11 sentfrom the distribution server 52 through the network 5 (FIG. 1), on theHDD 23 via a network interface 24 (steps SP41 and SP42).

Then, in response to a user request or automatically, the CPU 20 of thepersonal terminal 60 retrieves the corresponding distribution contentdata D11 from the HDD 23 and sends it to a decryption unit 32 (stepSP43).

At this time, the CPU 20 of the personal terminal 60 judges whether thedistribution content data D11 includes user identification informationX_(ID) (step SP44), and only when the user identification informationX_(ID) exists, the decryption unit 32 decrypts the aforementioned firstencryption (step SP45).

When it is judged that the distribution content data D11 does notinclude the user identification information X_(ID), on the contrary, theCPU 20 of the personal terminal 60 displays a message on the display 27via an image processor 28 to let the user know that the first encryptionis not allowed to be decrypted (step SP46).

After the first encryption is decrypted, the decryption unit 32 sendsthe compressed content data D12 to the flag detector 61 and an embeddingunit 56. The flag detector 61 extracts the storage definition flagX_(FLG) from the compressed content data D12 and sends it to theembedding unit 56.

The CPU 20 of the personal terminal 60 retrieves from a RAM 22 the useridentification information X_(ID) assigned to the personal terminal 60,and controls a spreading modulation unit 55 to perform spreadingmodulation on the information X_(ID) and send the resultant as watermarkinformation X_(WM3) to the embedding unit 56.

The CPU 20 of the personal terminal 60 controls the embedding unit 56 toembed the watermark information X_(WM3) and the storage definition flagX_(FLG) in the compressed content data D12 to thereby generatesynthesized compressed content data D15 (step SP47).

Specifically, the synthesized compressed content data D15 is generatedby embedding the watermark information X_(WM3) in the content with theaforementioned digital watermark technique and recording the storagedefinition flag X_(FLG) in the header of the data format of audio datacomposing the content.

Then, the CPU 20 of the personal terminal 60 stores the synthesizedcompressed content data D15 on the HDD 23 via the recording unit 62(step SP48). At this time, the CPU 20 of the personal terminal 60deletes the existing original distribution content data D11 and newlystores the synthesized compressed content data D15 on the HDD 23.

Then, when the user makes a request for the content with the mouse 29 orkeyboard 30, the CPU 20 of the personal terminal 60 retrieves and sendsthe corresponding synthesized compressed content data D15 from the HDD23 to a decryption/decoding unit 36.

The decryption/decoding unit 36 restores the original content D1 fromthe synthesized compressed content data D15 (step SP49).

In this way, the CPU 20 of the personal terminal 60 provides the userwith the original content D1 by outputting sounds based on the contentD1 from the speaker 25 via an audio processor 26.

Note that, although this third embodiment does not specificallydescribed the usage of the storage definition flag, the storagedefinition flag can be used to judge if content data should be encryptedbefore being stored.

(3-3) Operation and Effects of Third Embodiment

In this content distribution system having the aforementionedconstruction, when the distribution server 52 receives an access requestfrom a personal terminal 60, it retrieves the user identificationinformation X_(ID) and the storage definition flag X_(FLG) for the userof the personal terminal 60 and embeds them in the specified content D1and performs the first encryption on the resultant data in order tothereby generate distribution content data D11, and sends the data D11to the accessing personal terminal 60 through the network 5.

The personal terminal 60 stores the distribution content data D11 on theHDD 23 once, and then reads out the distribution content data D11 fromthe HDD 23 as required and decrypts the first encryption on thecondition of the existence of the user identification informationX_(ID).

Sequentially, the personal terminal 60 extracts the storage definitionflag X_(FLG) from the compressed content data D12 subjected to thedecryption of the first encryption, and performs spreading modulation onthe user identification information X_(ID), stored in the RAM 22,assigned to the personal terminal 60, so as to generate watermarkinformation X_(WM3).

Then, the personal terminal 60 embeds the watermark information X_(WM3)and the storage definition flag X_(FLG) in the compressed content dataD12 to thereby generate the synthesized compressed content data D15which is then stored on the HDD 23.

As described above, when the personal terminal 60 receives content fromthe distribution server 52 through the network 5, it stores the contenton the HDD 23 of the personal terminal 60 once. Then, when the contentis retrieved as required, the personal terminal 60 re-stores the contentwith user identification information X_(ID) embedded in the content aswatermark information X_(WM3). As a result, even the content is takenout to the outside from the HDD 23 afterward, the content always carriesthe user identification information X_(ID), so that it can be judgedwhether the content was obtained illegally.

According to the aforementioned content distribution system, thedistribution server 52 performs the first encryption on content havinguser identification information X_(ID) and a storage definition flagX_(FLG) embedded therein and sends the resultant to the accessingpersonal terminal 60 through the network, and the personal terminal 60stores the received content on the HDD 23 once and when the content isretrieved as required, the personal terminal 60 decrypts the firstencryption on the condition of the existence of the user identificationinformation X_(ID) and then re-stores the content with the useridentification information X_(ID) embedded therein as watermarkinformation X_(WM3). Therefore, even the content is taken out to theoutside from the HDD 23 afterward, the content always carries the useridentification information X_(ID), so that even the user having thecontent distributes the content over the network illegally, thedistributor of the content can be found with sure, thus making itpossible to realize the content distribution system capable ofeffectively preventing disadvantages of users who formally boughtcontent.

(4) Warning by Management Server in First to Third Embodiments

(4-1) Processing for Managing Content Sent from Users

In the aforementioned first to third embodiments, the management server4 shown in FIG. 4 obtains content sent from each personal terminal 2, bymonitoring the network 5, judges if the distributor of the content isthe personal terminal 2 of a user formally registered, and sends anotification or warning depending on the judged result to the personalterminal which sent the content.

In actual, the CPU 40 of the management server 4 carries out a contentmanagement processing procedure RT4 shown in FIG. 12 starting with stepSP60, and proceeds to next step SP61 where it obtains content (contentdistribution data) sent from each personal terminal via the network 5.

In step SP62, the CPU 40 of the management server 4 judges whether theobtained content (content distribution data) has user identificationinformation X_(ID), and proceeds to step SP63 only when the useridentification information X_(ID) exists. In step SP63, the CPU 40obtains the user identification information X_(ID) assigned to thepersonal terminal which sent the content, from the distribution serverthrough the network 5.

The CPU 40 of the management server 4 proceeds to step SP64 where itjudges with the illegal content detector 46 whether the useridentification information X_(ID), extracted from the content (contentdistribution data) matches the user identification information X_(ID)obtained from the distribution server.

An affirmative result in step SP64 means that the personal terminalwhich is the distributor of the content belongs to a user formallyregistered for the distribution of the content. In this case, the CPU 40of the management server 4 proceeds to step SP65 where the illegalcontent detector 46 sends such a notification that, for example, “yourcontent is on the network”, to the personal terminal of the userformally registered, through the network.

Then, the CPU 40 of the management server 4 returns back to step SP61and repeats the aforementioned processing to detect illegal content onthe network.

A negative result in step SP64, on the contrary, means that the personalterminal which is the distributor of the content does not belong to auser formally registered for the distribution of the content. In thiscase, the CPU 40 of the management server 4 proceeds to step SP66 wherethe illegal content detector 46 sends such a warning that, for example,“you distributed another person's content illegally and may be punishedfor this copyright-illegal act”, to the personal terminal whichdistributed the content, through the network.

Then, the CPU 40 of the management server 4 returns back to step SP61and repeats the aforementioned processing to detect illegal content onthe network.

As described above, the management server 4 always monitors the network5 to detect content distributed from the personal terminals 2 and if itdetects the content on the network 5, it makes a prescribed notificationor warning to the personal terminal 2 which distributed the content, tolet the distributor of the content know about the notification orwarning, thus making it possible to previously prevent the infringementof copyright of the content on the network 5.

(4-2) Processing for Managing Content in File Sharing

In the aforementioned first to third embodiments, the management server4 shown in FIG. 4 obtains content sent from each personal terminal bymonitoring the network 5, detects whether the distributor of the contentis the personal terminal of a user formally registered, and sends anotification or warning to the personal terminal which distributed thecontent depending on the detected result.

In actual, the CPU 40 of the management server 4 carries out a contentmanagement processing procedure RT5 shown in FIG. 13 starting with stepSP70, and proceeds to step SP71 where it uses file sharing software toobtain content (content distribution data) sent from each personalterminal through the network 5.

The CPU 40 of the management server 4 judges in step SP72 whether theobtained content (content distribution data) carries user identificationinformation X_(ID), and only when the user identification informationX_(ID) exists, it proceeds to step SP73 where it obtains relatedinformation such as IP address, MAC address and date and time, based onthe shared file, from the obtained content, and proceeds to step, SP74to send the related information to the distribution server through thenetwork 5.

The CPU 40 of the management server 4 proceeds to step SP75 to obtainthe user identification information X_(ID) assigned to the personalterminal which is the distributor of the content, from the distributionserver through the network 5, proceeds to step SP76 where the illegalcontent detector 46 judges whether the obtained user identificationinformation. X_(ID) matches the user identification information X_(ID)extracted from the content (content distribution data).

An affirmative result in this step SP76 means that the personal terminalwhich is the distributor of the content belongs to a user formallyregistered for the distribution of the content, and in this case, theCPU 40 of the management server 4 proceeds to step SP77 to sendnotification data indicating that, for example, “your content is on thenetwork”, to the personal terminal of the user formally registeredthrough the network 5.

Then, the CPU 40 of the management server 4 returns back to step SP71and repeats the aforementioned processing to detect illegal content bymonitoring the network 5.

A negative result in step SP76, on the contrary, means that the personalterminal which is the distributor of the content does not belong to auser formally registered for the distribution of the content. In thiscase, the CPU 40 of the management server 4 proceeds to step SP78 wherethe illegal content detector 46 sends warning data indicating that, forexample, “you distributed another person's content illegally and may bepunished for the copyright infringing act” to the personal terminalwhich distributed the content over the network 5.

Then, the CPU 40 of the management server 4 returns back to step SP71and repeats the aforementioned processing to detect illegal content bymonitoring the network 5.

As described above, the management server 4 manages content distributedfrom the personal terminals by monitoring the network 5, and when itdetects content distributed over the network, it sends a prescribednotification or warning to the personal terminal of the user providing ashared file which distributed the content, to let the distributor of thecontent know about the notification or warning, thus making it possibleto previously prevent the infringing of the content distributed over thenetwork 5.

(5) Other Embodiments

Note that, in the first to third embodiments, this invention is appliedto the content distribution systems 1, 50 composed of personal terminals(terminal devices) 2, 51, 60 and a distribution server 3, 52, shown inFIG. 1 and FIG. 6. This invention, however, is not limited to this andis widely applied to a content distribution system having anotherconstruction.

Further, in the first to third embodiments, the personal terminals(terminal devices) 2, 51, 60 and the distribution server 3, 52 areconnected to each other via the network 5 such as the Internet. Thisinvention, however, is not limited to this and widely uses not only awired communication network such as public circuits or Local AreaNetwork (LAN) but also a radio communication network.

Still further, the distribution server 3, 52 can send content viapackage media (existing media) to a personal terminal (terminal device)2, 51, 60, not via a network. In this case, a user has to registerunique user identification information as identification to thedistribution server so that the distribution server can control it, whenhe/she buys the personal terminal, when he/she buys the media, or beforehe/she uses the content. At this time, the distribution server canencrypt the user identification information if necessary, so as to havethe user perform user identification when he/she uses the content.

Still further, in the first and second embodiments, the distributionserver 3, 52 sends content after performing encryption (firstencryption), and the personal terminal (terminal device) 2, 51 decryptsthe encryption (first encryption) of the content on the condition of theexistence of user identification information X_(ID), and only when theuser identification information X_(ID) is valid, it stores the contenton the HDD (storage means) 23, after or without performing the secondencryption depending on the state of the storage definition flagX_(FLG). This invention, however, is not limited to this, and after thepersonal terminal (terminal device) 2, 51 judges based on the useridentification information X_(ID) and/or the storage definition flagX_(FLG) whether to decrypting the encryption (first encryption) of thecontent received from the distribution server 3, 52, it can store thecontent subjected to the encryption or the decrypted content on the HDD(storage means) 23 depending on the judged result.

Still further, the aforementioned first and second embodiments havedescribed a case where the personal terminal (terminal device) 2, 51uses a storage definition flag X_(FLG) embedded in the content by thedistribution server 3, 52 to judge whether to encrypt content beforestoring it. This invention, however, is not limited to this and thisjudgement whether to encrypt content can be determined by a user havingthe personal terminal (terminal device) 2, 51, or a combination of bothcan be used. In this case, the encryption of content can be set for eachuser and/or each content.

Still further, the aforementioned first to third embodiments havedescribed a case where the distribution server 3, 52 or the personalterminal (terminal device) 2, 51, 60 converts user identificationinformation X_(ID) into watermark information through spreadingmodulation such as spread spectrum modulation. This invention, however,is not limited to this and an encryption technique such as Steganograpycan be used, provided that copyright information can be embedded incontent.

Still further, the aforementioned first to third embodiments havedescribed a case where a user ID assigned to a user having a personalterminal (terminal device) 2, 51, 60 is applied as user identificationinformation X_(ID) which is registered in the distribution server 3, 52.This invention, however, is not limited to this and an IP addressexpressed by the internet protocol version such as IPv6 (internetprotocol version 6) or IPv4 (internet protocol version 4), password,name of provider, or e-mail address, or ID or certification numberissued by a public organization or the like, or date and time, countryname, name of terminal device, serial number when produced, device ID,or the like can be widely used.

Still further, in the aforementioned first to third embodiments havedescribed a case where the management server 4 is provided on thenetwork 5 for, when user identification information X_(ID) is detectedfrom content by checking the content distributed from a personalterminal (terminal devices) 2, 51, 60, making a prescribed notificationor warning to the personal terminal (terminal device) 2, 51, 60depending on whether the user identification information X_(ID) matchesthe user identification information X_(ID) uniquely assigned to thepersonal terminal (terminal device) 2, 51, 60. This invention, however,is not limited to this and a management server having anotherconstruction can be widely used, provided that it can make anotification or warning to a user who distributed content over thenetwork.

Still further, the first embodiment has described a case where a contentdistribution system 1 is composed by connecting a distribution server 3and a terminal device 2 through a network 5, the distribution server 3comprising an embedding unit 18, a spreading modulation unit 19(embedding means) for converting user identification information X_(ID)uniquely assigned to the terminal device 2 and a storage definition flagX_(FLG) of which the state is preset on the terminal device 2 side intowatermark information X_(WM1) through prescribed spreading modulationand then embedding the watermark information X_(WM1) in content, anencryption unit (encryption means) 17 for performing prescribedencryption on the content having the watermark information X_(WM1)embedded therein, and a transmission means 14 for transmitting theencrypted content to the terminal device 2 through the network 5, andthe terminal device 2 comprising a network interface (receiving means)24 for receiving the content, an ID•flag detector (extracting means) 34for extracting the user identification information X_(ID) and thestorage definition flag X_(FLG) from watermark information X_(WM1)embedded in the content, through prescribed processing, a decryptionunit (decryption means) 32 for decrypting the encryption of the contentdepending on the existence of the user identification informationX_(ID), the CPU (judgement means) 20 for judging based on the state ofthe storage definition flag X_(FLG) whether the decrypted content shouldbe encrypted before being stored, and an HDD (storage means) 23 forstoring the content having the watermark information X_(WM1) embeddedtherein. This invention, however, is not limited to this and anotherkind of distribution server and terminal device can be widely applied,provided that the distribution server 3 can send to the personalterminal (terminal device) 2 content with user identificationinformation X_(ID) and a storage definition flag X_(FLG), set by thepersonal terminal (terminal device) 2, embedded in the content aswatermark information X_(WM1).

Still further, user identification information X_(ID) and a storagedefinition flag X_(FLG) can be added to content as flag information asthey are, without converting them into watermark information throughspreading modulation. In addition, in a case of encrypted content, sincesecurity is secured, the personal terminal (terminal device) can extractthis flag information only, without detecting watermark information.

Still further, in the aforementioned second embodiment, the distributionserver 52 adds to content user identification information X_(ID)uniquely assigned to a personal terminal (terminal device) 51 and astorage definition flag X_(FLG) of which the state is preset on theterminal device side, and the personal terminal (terminal device) 51extracts the user identification information X_(ID) and the storagedefinition flag X_(FLG) from the received content, decrypts theencryption of the content depending on the existence of the useridentification information X_(ID), and judges based on the validly ofthe user identification information X_(ID) if the terminal shouldconvert the user identification information X_(ID) into watermarkinformation X_(WM2) through prescribed spreading modulation and thenembed the watermark information X_(WM2) in the content. Then, thepersonal terminal 51 judges based on the state of the storage definitionflag X_(FLG) whether the decrypted content should be encrypted beforebeing stored, and stores the content having the watermark informationX_(WM2) embedded therein, after or without encryption depending on thejudged result. This invention, however, is not limited to this andanother kind of distribution server and terminal device can be widelyapplied, provided that the personal terminal (terminal device) 51 canembed user identification information X_(ID) in content as watermarkinformation X_(WM2).

Still further, the aforementioned third embodiment has described a casewhere the distribution server 52 adds to content user identificationinformation X_(ID) uniquely assigned to the personal terminal (terminaldevice) 60 and a storage definition flag X_(FLG) of which the state ispreset on the terminal device side, and the personal terminal (terminaldevice) 60 receives and stores the content on the HDD (storage means)23, and when it reads the content from the HDD (storage means) 23 asrequired, extracts the user identification information X_(ID) and thestorage definition flag X_(FLG) from the content, decrypts theencryption of the content depending on the existence of the useridentification information X_(ID), converts the user identificationinformation X_(ID) into watermark information X_(WM3) through prescribedspreading modulation and then embeds the watermark information X_(WM3)in the decrypted content. Then, the personal terminal (terminal device)60 stores the content having the watermark information X_(WM3) embeddedtherein on the HDD (storage means) 23. This invention, however, is notlimited to this and another kind of distribution server and terminaldevice can be widely applied, provided that the personal terminal(terminal device) 60 can embed user identification information X_(ID) incontent as watermark information X_(WM3) before or after the content isstored on the HDD (storage means) 23.

As described above, according to the present invention, in a contentdistribution system formed by connecting a distribution server and aterminal device through the network, the distribution server comprisesan embedding means for converting user identification informationuniquely assigned to the terminal device and a storage definition flagof which the state is preset on the terminal device side, into watermarkinformation through prescribed spreading modulation and then embeddingthe watermark information in content, an encryption means for performingprescribed encryption on the content having the watermark informationembedded therein, and a transmitting means for transmitting theencrypted content to the terminal device through the network, and theterminal device comprises a reception means for receiving the content,an extraction means for extracting the user identification informationand the storage definition flag by performing prescribed processing onthe watermark information embedded in the content, a decryption meansfor decrypting the encryption of the content depending on the existenceof the user identification information, a judgement means for judgingbased on the state of the storage definition flag whether the decryptedcontent should be encrypted before being stored, and a storage means forstoring the content having watermark information embedded therein.Thereby, even the content is taken out from the storage means of theterminal device to the outside afterward, the content always carries theuser identification information, so that even the user having thecontent distributes the content over the network illegally, thedistributor of the content can be found with sure, thus making itpossible to realize a content distribution system capable of effectivelypreventing disadvantages of users who formally bought content.

Still further, in a content distribution method of a contentdistribution system in which a distribution server and a terminal deviceare connected through a network, the distribution server comprises afirst step of converting user identification information uniquelyassigned to the terminal device and a storage definition flag of whichthe state is preset on the terminal device side, into watermarkinformation through prescribed spreading modulation, and then embeddingthe watermark information in content, a second step of performingprescribed encryption on the content having the watermark informationembedded therein, and a third step of sending the encrypted content tothe terminal device through the network, and the terminal devicecomprises a fourth step of receiving the content, the fifth step ofextracting the user identification information and the storagedefinition flag by performing prescribed processing on the watermarkinformation embedded in the content, a sixth step of decrypting theencryption of the content depending on the existence of the useridentification information, a seventh step of judging based on the stateof the storage definition flag whether the decrypted content should beencrypted before being stored, and an eighth step of storing the contenthaving watermark information embedded therein. Thereby, even the contentis taken out from the storage means to the outside afterward, thecontent always carries the user identification information, so that eventhe user having the content distributes the content over the networkillegally, the distributor of the content can be found with sure, thusmaking it possible to realize a content distribution method capable ofeffectively preventing disadvantages of users who formally boughtcontent.

Still further, a content distribution method of a content distributionsystem in which a distribution server and a terminal device areconnected through a network, the distribution server comprises a firststep of adding to content user identification information uniquelyassigned to the terminal device and a storage definition flag of whichthe state is preset on the terminal device side, a second step ofperforming prescribed encryption on the content having the useridentification information and the storage definition flag addedthereto, and a third step of transmitting the encrypted content to theterminal device through the network, and the terminal device comprises afourth step of receiving the content, the fifth step of extracting theuser identification information and the storage definition flag from thecontent, a sixth step of decrypting the encryption of the contentdepending on the existence of the user identification information, aseventh step of judging based on the validly of the user identificationinformation whether the user identification information should beconverted into watermark information through prescribed spreadingmodulation and the watermark information should be embedded in thecontent, an eighth step of judging based on the state of the storagedefinition flag whether the decrypted content should be encrypted beforebeing stored, and a ninth step of storing the content having thewatermark information embedded therein. Thereby, even the content istaken out from the storage means of the terminal device to the outsideafterward, the content always carries the user identificationinformation, so that even the user having the content distributes thecontent over the network illegally, the distributor of the content canbe found with sure, thus making it possible to realize a contentdistribution method capable of effectively preventing disadvantages ofusers who formally bought content.

Still further, in a content distribution method of a contentdistribution system where a distribution server and a terminal deviceare connected through a network, the distribution server comprises afirst step of adding to content user identification information uniquelyassigned the terminal device and a storage definition flag of the stateis preset on the terminal device side, a second step of performingprescribed encryption on the content having the user identificationinformation and storage definition flag added thereto, and a third stepof sending the encrypted content to the terminal device through thenetwork, and the terminal device comprises a fourth step of receivingand storing the content in a prescribed storage means, a fifth step of,when the content is retrieved from the storage means as required,extracting the user identification information and the storagedefinition flag from the content, a sixth step of decrypting theencryption of the content depending on the existence of the useridentification information, a seventh step of converting the useridentification information into watermark information through prescribedspreading modulation and embedding the watermark information into thedecrypted content, and an eighth step of storing the content having thewatermark information embedded therein in the storage means. Thereby,even the content is taken out from the storage means of the terminaldevice to the outside afterward, the content always carries the useridentification information, so that even the user having the contentdistributes the content over the network illegally, the distributor ofthe content can be found with sure, thus making it possible to realize acontent distribution method capable of effectively preventingdisadvantages of users who formally bought content.

Still further, the terminal device for managing content comprises anextraction means for, when watermark information generated by performingprescribed spreading modulation on user identification informationuniquely assigned to the terminal device and the storage definition flagof which the state is preset on the terminal device side is embedded incontent, performing prescribed processing on the watermark informationembedded in the content in order to extract the user identificationinformation and the storage definition flag, a decryption means for, ina case where the content has been encrypted, decrypting the encryptionof the content depending on the existence of the user identificationinformation, a judgement means for judging based on the storagedefinition flag whether the decrypted content should be encrypted beforebeing stored, and a storage means for storing the content having thewatermark information embedded therein. Thereby, even the content istaken out from the storage means to the outside afterward, the contentalways carries the user identification information, so that even theuser having the content distributes the content over the networkillegally, the distributor of the content can be found with sure, thusmaking it possible to realize a terminal device capable of effectivelypreventing disadvantages of users who formally bought content.

While there has been described in connection with the preferredembodiments of the invention, it will be obvious to those skilled in theart that various changes and modifications may be aimed, therefore, tocover in the appended claims all such changes and modifications as fallwithin the true spirit and scope of the invention.

1. A content distribution system including a distribution server and aterminal device connected through a network, wherein said distributionserver comprises: embedding means for converting user identificationinformation and a storage definition flag into watermark informationthrough spreading modulation and embedding the watermark information incontent, the user identification information uniquely assigned to saidterminal device, the storage definition flag having a state previouslyset on said terminal device side; encryption means for encrypting saidcontent having said watermark information embedded therein; andtransmitting means for transmitting said encrypted content to saidterminal device through said network, and said terminal devicecomprises: reception means for receiving said content; extraction meansfor extracting said user identification information and said storagedefinition flag from said watermark information embedded in saidcontent; decryption means for decrypting said encrypted contentdepending on the existence of said user identification information;judgment means for judging, based on the state of said storagedefinition flag, whether said decrypted content should be encryptedbefore being stored; and storage means for storing said content havingsaid watermark information embedded therein.
 2. The content distributionsystem according to claim 1, further comprising a management serverprovided on said network for sending a notification or warning to saidterminal device when content distributed from said terminal device isdetected and said user identification information is detected from thecontent.
 3. The content distribution system according to claim 2,wherein said management server sends said notification or warning tosaid terminal device depending on whether said detected useridentification information matches the user identification informationuniquely assigned to said terminal device.
 4. A content distributionmethod in a content distribution system including a distribution serverand a terminal device connected through the network, wherein saiddistribution server executes steps including: converting useridentification information and a storage definition flag into watermarkinformation through spreading modulation and embedding said watermarkinformation in content, the user identification information uniquelyassigned to said terminal device, the storage definition flag having astate previously set on said terminal device side; encrypting saidcontent having said watermark information embedded therein; andtransmitting said encrypted content to said terminal device through saidnetwork, and said terminal device executes steps including: receivingsaid content; extracting said user identification information and saidstorage definition flag from said watermark information embedded in saidcontent; decrypting said encrypted content depending on the existence ofsaid user identification information; judging, based on the state ofsaid storage definition flag, whether said decrypted content should beencrypted before being stored; and storing said content having saidwatermark information embedded therein.
 5. The content distributionmethod according to claim 4, further comprising sending a notificationor warning to said terminal device when content distributed from theterminal device over said network is detected and said useridentification information is detected from the content.
 6. The contentdistribution method according to claim 5, wherein said notification orsaid warning is sent to said terminal device depending on whether saiddetected user identification information matches the user identificationinformation uniquely assigned to said terminal device.
 7. A contentdistribution method in a content distribution system including adistribution server and a terminal device connected through a network,wherein said distribution server executes steps including: adding useridentification information and a storage definition flag to content, theuser identification information being uniquely assigned to said terminaldevice, the storage definition flag having a state previously set onsaid terminal device side; encrypting said content having said useridentification information and said storage definition flag addedthereto; and transmitting said encrypted content to said terminal devicethrough said network, and said terminal device executes steps including:receiving said content; extracting said user identification informationand said storage definition flag from said content; decrypting saidencrypted content depending on the existence of said user identificationinformation; judging, based on the validity of said user identificationinformation, whether said user identification information should beconverted into watermark information through spreading modulation andthen the watermark information should be embedded in said content;judging, based on the state of said storage definition flag, whethersaid decrypted content should be encrypted before being stored; andstoring said content having said watermark information embedded therein.8. A content distribution method in a content distribution systemincluding a distribution server and a terminal device connected througha network, wherein said distribution server executes steps including:adding user identification information and a storage definition flag tocontent, the user identification information being uniquely assigned tosaid terminal device, the storage definition flag having a statepreviously set on said terminal device side; encrypting said contenthaving said user identification information and said storage definitionflag added thereto; and transmitting said encrypted content to saidterminal device through said network, and said terminal device executessteps including: receiving and storing said content in a storage means;extracting said user identification information and said storagedefinition flag from the content when said content is read from saidstorage means; decrypting said encrypted content depending on theexistence of said user identification information; converting said useridentification information into watermark information through spreadingmodulation and embedding the watermark information in said decryptedcontent; and storing said content having said watermark informationembedded therein, in said storage means; wherein the storage definitionflag is used to determine whether said content should be encryptedbefore being stored.
 9. A terminal device for managing content,comprising: extraction means for, when watermark information generatedby performing spreading modulation on user identification informationand a storage definition flag is embedded in content, extracting saiduser identification information and said storage definition flag fromsaid watermark information embedded in said content, the useridentification information being uniquely assigned to said terminaldevice, the storage definition flag having a state previously set onsaid terminal device side; decryption means for, when said content hasbeen encrypted, decrypting the encrypted content depending on theexistence of said user identification information; judgment means forjudging, based on the state of said storage definition flag, whethersaid decrypted content should be encrypted before being stored; andstorage means for storing said content having said watermark informationembedded therein.